Tor users should check their computers for malware

Authorities are advising all users of the Tor network to check their computers for malware after it emerged that a Russian hacker has been using the network to spread a powerful virus.

Tor, which began as a secret project from the US Naval Research Laboratory, works by piling up layers of encryption over data, nested like the layers of an onion, which gave the network its original name, The Onion Router (TOR).

Tor encrypts data, including the destination IP address, multiple times and sends it through a virtual circuit made up of successive, randomly selected relays. Each relay decrypts a layer of encryption to reveal only the next relay in the circuit.

The final relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source IP address.

However, it has emerged that one of these exit nodes had been modified to alter any program downloaded over the network. This allowed the attacker to put his own executable code in such programs, and potentially take control of victims' computers.

Due to the altered node, any Windows executable downloaded over the network was wrapped in malware, and worryingly even files downloaded over Windows Update were affected.

The American National Security Agency (NSA) has made considerable efforts in the past to crack the encryption protocols behind Tor, but to limited success. Instead, they've just banked on tracking everyone who uses it, or even searched about it on Google.

Anyone who thinks they might have been infected should take security precautions and check out our guide on what to do if you think your email account has been hacked.